451 Research is a leading IT research
and advisory company

Founded in 2000, 451 Research is a technology
research group within S&P Global Market Intelligence,
providing enterprises, product vendors, service
providers and investors with insight into market trends
and drivers across multiple areas of focus
Sweeping changes


Monolithic 
Standalone software 
Self-contained 

APIs 

Waterfall 

IT 

Enterprise 


Networks 
Microservices
Integrated services 
Service mesh 
‘Functions as a Service’ 
Agile 

DevOps 

IoT, OT, consumer


5G 


security’s incumbents and 
the 'Innovator's Dilemma'

» Bet on the future, at the risk of
under-investing in current traction?


» Or double down on current success 
- but risk missing out on 
tomorrow's opportunities? 


Clayton M. Christensen
Here comes
the BOOMs 


How high is up? 


[Charts: Major cloud hyperscalers. Panels: Quarterly revenues ($ Billions); YOY Growth. Labels: AWS, Azure*, GCP*, IBM, HPE, Cisco; AWS, Microsoft Azure*, Google Cloud]

451RESEARCH.COM Adapted from https://bernardgolden.com/amg-q419-numbers-how-high-can-they-go/ 
But cloud is hardly the homogeneous,
monolithic entity often given

No single point of control
Polyglot applications
A lot of SE

“It's complicated...”


[Chart: Primary workload deployment venue, 2019 (n=885) vs. 2021 (n=849). Categories: IaaS/PaaS; SaaS; Third-party colocation environment; Hosted private cloud; On-premises private cloud infrastructure; On-premises ‘traditional’ IT infrastructure. Callouts: "Increase from 22% to 40%"; "Increase from 27% to 34%"; "2/3"; "On-Premises 1/3"]


Q. And thinking about all of your organization's workloads/applications, where will the majority of these be deployed two years from now?

Q. Thinking about all of your organization’s workloads/applications, where are the majority of these currently deployed?
©2020 451 Research. All Rights Reserved. Source: 451 Research's Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2019


Maybe a little complexity
Security has lots of opportunities...

» Operational container & platform security
» Dynamic app sec testing
» Secure orchestration
» Operational protections
» Software composition analysis
» Developer training
» Static app sec testing
» Defining container security
» Gating for security
» Source security integrated with the IDE
» Vulnerability assessment
» Runtime app sec
» Threat activity monitoring
» Vulnerability checks

[Diagram: DevOps loop; stage labels: PLAN, CODE, RELEASE, MONITOR]
But they don't exactly love us...

» Pace
» Functional and business requirements first
» Toolchain integration
» Putting the developer first

[Screenshot of a blog post; legible fragments:]
"One challenge you'll face as you go down this road is: security."
"I know, I know. As developers, you probably already have a hate-hate relationship with security"
"protection, transport/network, etc) I’m going to concentrate this post mostly on how microservices communicate with each other and some of the problems that arise."
"Traditionally, we've assumed that networking"
And each shop has its own toolset preferences

[Figure: PERIODIC TABLE OF DEVOPS TOOLS (v3), XebiaLabs. Legend: Open Source, Free, Paid, Enterprise. Categories: Source Control Mgmt, Database Automation, Deployment, Containers, Monitoring, Testing, Cloud, Collaboration, Configuration, AIOps. Legible entries: Docker Enterprise, BitBucket, Perforce HelixCore]

Security teams that don't enable developers to use AST tools 
will soon be on the wrong side of a clearly identifiable trend 
[Chart: Application Security Tool Usage by Team. Series: Information security; Application development. Periods: Q3 2016 (n=256), Q3 2017 (n=159), Q3 2018 (n=142), Q3 2019 (n=147). Data labels as shown: 62%, 59%, 58%, 52%, 48%, 41%, 42%, 38%]

Q. How is the usage of application security tools allocated across the following two teams in your organization?
Base: Respondents currently using application security
Source: 451 Research's Voice of the Enterprise: Information Security, Budgets & Outlook 2019
Okay, a LOT more complexity

[Chart: In the enterprise*: Total connected IoT devices (in billions of units), 2019 to 2024]

*Not including consumer devices (e.g., PCs, smart TVs, game consoles)

Source: 451 Research’s IoT Market Monitor, June 2019


Oh. 


GitHub: "Thank you for 100 million repositories" (Jason Warner)

"Microsoft to acquire GitHub for $7.5 billion" (June 4, 2018 | Microsoft News Center)

Sources: https://github.blog/2018-11-08-100m-repos/,
https://news.microsoft.c 2018/06/04/microsoft-to-acquire-github-for-7-5-billion


Vulnerability remediation and the
'Russian doll' of open source


Example: Struts 2 vulnerability 
> ...which extends the Java Servlet API 


> had a vulnerability in OGNL (remote 
code execution exposure) 


> ...which is incorporated in Jakarta 


> which was part of Apache 
Still more
complexity

Let's get 'em all on the network!

How many people?
It’s all about proof

Under what conditions? To which targets?

Decision-making: Fine-grained
AI/ML-enabled access control

Enterprise users
Customers
tional IT endpoints

AUTHORIZATION
WITH SECURITY FOR DATA THROUGHOUT

Applications, cloud resources,
APIs, SaaS, etc.

and, oh yeah, DATA

Now, multiply each decision on a scale of billions.

Continuously.
Expand your thinking about...

Security analytics

It can't all be done in one place

Distributed compute now
may be nothing compared
to what's coming
[Image: meme captioned "People with no idea about AI saying it will take over the world:" / "My Neural Network:"]

Twitter: OMVLibertas (Mat Vaillancourt)
CENTRALIZED COMPUTE, STORAGE, INTEGRATION

Distributed analytics and control fits other
emerging patterns

» Ways to distribute high-volume analysis
» (And offload compute for less capable endpoints)
» Edge - or ‘fog’ - computing
» Stream analytics
» ‘Zero trust’ access enforcement
Sources of security insight -
talking to each other, too

[Diagram labels: Legacy resources; Third-party services; Reputation; Activity monitoring; Policy; SaaS; CSPs; Partners; Functions as a service]
Those integrating third-party security solutions outnumber those
that will rely exclusively on a cloud provider's services 


PLAN TO INTEGRATE ADDITIONAL SECURITY SERVICES IN THE CLOUD 


Yes - we will use third-party security services 


No - we will use whatever the hosted provider supplies 


Yes - we will use a premium security 
service offered by the hosted provider 


Other 


Base: All respondents (n=231)


Q. Do you plan to acquire additional security services for your hosted architecture in 2019? 
Source: 451 Research's Voice of the Enterprise: Information Security, Budgets and Outlook 2019


Cyber risk scoring: The ‘new black’

Or rather, a color palette
> Too much high - low

Third party and supplier risk ratings are ‘in’

Challenges
> Visible attack surface?
» Business impact?

[Chart: Loss Exceedance Curve; callout: "45% probability of a $140.4M loss"]
Automation: Similar patterns here, too


IT AUTOMATION 


Security Automation & 
Orchestration (‘SOAR’) 


CI/CD 


Robotic Process 
Automation (RPA) 
GitOps: Putting security inline with CI/CD

> Automated pipelines deploy changes to infrastructure when
changes are made to Git (using ‘diff,’ ‘sync’ tools)
» Helps isolate credential leakage across boundaries
> Performs actions on pull request
» Check for vulnerabilities embedded in packages
» Report or block actions when vulns are present
> Scan for non-secure implementations
» Recommend - and where able, automate - fixes

[Diagram labels: OSS Repo; Code Repo; Image Repo; Prod Cluster]
GitOps, or Why the Future Has No
Dashboards

February 13th 2019

By Arthur Schmunk (@schmunk)
https://hackernoon.com/gitops-or-why-the-future-has-no-dashboards-38ce026a3c56


Role of Citizen Data Scientist in Today's Business

How are we going to source all this?

Code/No-Code Movement: More Disruptive Than You Realize

Citizen Develope


Coming soon, to a major industry con near you

...But not exactly our first rodeo.

You inspired this year’s theme.
The Human Element at RSAC

WANTED
Bug Bounty Program 2020:
PATCHED or ALIVE

Join cybersecurity leaders and peers as we explore
our critical role in ensuring a safer, more secure
future. Access expert-led sessions and keynotes,
exciting innovation programs, in-depth tutorials and
trainings, expanded networking opportunities,
product demos and more.
The 'GitHub-ification' of security

MITRE ATT&CK™ Navigator